feat(samba): refs #5770 #5770 Mayor updates

This commit is contained in:
Javier Segarra 2024-05-08 07:35:05 +02:00
parent ba1a29ac88
commit cf259ad0ce
2 changed files with 48 additions and 43 deletions

View File

@ -1,9 +1,8 @@
const app = require('vn-loopback/server/server');
const ldap = require('../util/ldapjs-extra');
const { differences, handleExecResponse, toMap } = require('../util/helpers');
const { stdout } = require('process');
const {differences, toMap, printResults} = require('../util/helpers');
const execFile = require('child_process').execFile;
const ROLE_PREFIX = 'VN_';
// const ROLE_PREFIX = 'VN_';
/**
* Summary of userAccountControl flags:
* https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties
@ -25,6 +24,7 @@ module.exports = Self => {
'adUser',
'adPassword',
'userDn',
'groupDn',
'verifyCert'
]
});
@ -47,6 +47,7 @@ module.exports = Self => {
Object.assign(this, {
adClient,
fullUsersDn: `${this.userDn},${baseDn}`,
fullGroupsDn: `${this.groupDn},${baseDn}`,
bindDn
});
},
@ -182,28 +183,27 @@ module.exports = Self => {
// Prepare data
try {
const filter = '(cn=VN_*)'
const scope = 'sub'
const baseDN = 'cn=Users,dc=verdnatura,dc=es';
const ldapMembersGroups = await this.adClient.searchAll(baseDN,{
scope,
attributes: ['cn','member'],
filter
});
// const filter = '(cn=VN_*)';
const scope = 'sub';
// const baseDN = 'cn=Users,dc=verdnatura,dc=es';
// const ldapMembersGroups = await this.adClient.searchAll(baseDN, {
// scope,
// attributes: ['cn', 'member'],
// filter
// });
// OBTENER ROLES
let rolesBD = (await $.VnRole.find({
let roles = (await $.VnRole.find({
fields: ['id', 'name', 'description'],
order: 'modified DESC',
limit: 1
}));
let roles = rolesBD.map(({id, name, description}) => ({vn:`${ROLE_PREFIX}${name}`, name, id, description}));
let rolesName = roles.map(role=>role.name)
//OBTENER LDAPSJS ROLES
const ldapGroups = (await this.adClient.searchAll(baseDN,{
let rolesName = roles.map(role => role.name);
// OBTENER LDAPSJS ROLES
const ldapGroups = (await this.adClient.searchAll(baseDN, {
scope,
attributes: ['cn', 'description'],
filter
}))/*, (err, res)=>{
}));/* , (err, res)=>{
res.on('searchEntry', entry=>{
console.log(entry)
})
@ -215,7 +215,9 @@ module.exports = Self => {
})
})*/
// OBTENER SAMBA ROLES
let sambaCurrentRoles = ldapGroups.map(({cn})=>cn);;// handleExecResponse(await this.sambaTool('group', ['list'])).filter(group => group.startsWith(ROLE_PREFIX));
let sambaCurrentRoles = ldapGroups.map(({cn}) => cn);
// handleExecResponse(await this.sambaTool('group', ['list']))
// .filter(group => group.startsWith(ROLE_PREFIX));
// Encontrar elementos a eliminar
const rolesToDelete = differences(sambaCurrentRoles, rolesName);
@ -252,7 +254,7 @@ module.exports = Self => {
usersMap.set('group1', ['employee']);
if (rolesToDelete.length > 0) {
// PROCEDIMIENTO PARA ELIMINAR USUARIOS ASOCIADOS AL ROL
let usersToDelete = rolesToDelete.flatMap(role => {
let usersToUngroup = rolesToDelete.flatMap(role => {
const exist = usersMap.get(role);
if (exist) {
@ -262,49 +264,47 @@ module.exports = Self => {
} else return [];
}
);
const resultsUserDelete = await Promise.all(usersToDelete);
const resultsUsersUngroup = await Promise.all(usersToUngroup);
printResults(resultsUsersUngroup);
// PROCEDIMIENTO PARA ELIMINAR ROLES
//const resultsRoleDelete = await Promise.all(
// rolesToDelete.map(role => this.sambaTool('group', ['delete', role]))
// );
const resultsRoleDelete = await Promise.all(
rolesToDelete.map(role => this.sambaTool('group', ['delete', role]))
);
printResults(resultsRoleDelete);
}
if (rolesToInsert.length > 0) {
// PROCEDIMIENTO PARA INSERTAR ROLES
const resultsRoleInsert = await Promise.all(
rolesToInsert.map(({description,vn}) => this.sambaTool('group', ['add', vn, `--description="${description}"`]))
rolesToInsert.map(
({description, name}) =>
this.sambaTool('group',
['add', name, `--groupou=${this.groupDN}`, `--description="${description}"`]))
);
resultsRoleInsert.forEach(({stdout}) => console.log(stdout));
// PROCEDIMIENTO PARA INSERTAR USUARIOS ASOCIADOS AL ROL
let usersToInsert = rolesToInsert.flatMap(({name: role} )=> usersMap.get(role).map(
a => this.sambaTool('user', ['add', a,
'--random-password', '--must-change-at-next-login'])
)
);
const resultsUserInsert = await Promise.all(usersToInsert);
resultsUserInsert.forEach(({stdout}) => console.log(stdout));
printResults(resultsRoleInsert);
// PROCEDIMIENTO PARA INSERTAR USUARIOS ASOCIADOS AL ROL
let usersToGroup = rolesToInsert.flatMap(role => usersMap.get(role.name).map(
a => this.sambaTool('group', ['addmembers', role.vn, a])
a => this.sambaTool('group', ['addmembers', role.name, a])
)
);
const resultsUserGroup = await Promise.all(usersToGroup);
resultsUserGroup.forEach(({stdout}) => console.log(stdout));
printResults(resultsUserGroup);
}
if (rolesToUpdate.length > 0) {
let promises = [];
//OBTENER LDAPSJS MIEMBROS ROLES
// OBTENER LDAPSJS MIEMBROS ROLES
for await (const role of rolesToUpdate) {
const users = await this.sambaTool('group', ['listmembers', role]);
const usersToDelete = differences(users, usersMap.get(role));
promises.push(usersToDelete.map(user => this.sambaTool('group', ['removemembers', user.name])));
promises.push(usersToDelete.map(user =>
this.sambaTool('group', ['removemembers', user.name])));
const usersToInsert = differences(usersMap.get(role), users);
promises.push(usersToInsert.map(user => this.sambaTool('group', ['addmembers', user.name])));
promises.push(usersToInsert.map(user =>
this.sambaTool('group', ['addmembers', role.name, user.name])));
await Promise.all(promises);
}

View File

@ -1,12 +1,17 @@
module.exports ={
module.exports = {
toMap,
binarySearch,
differences,
printResults,
handleExecResponse
};
function handleExecResponse({stdin, stdout}) {
return stdout.split("\n");
return stdout.split('\n');
}
function printResults(results) {
// eslint-disable-next-line no-console
results.forEach(({stdout}) => console.log(stdout));
}
function toMap(array, fn) {